Hackers hit health system, swipe data on 220K

A two-hospital health system in Indiana is notifying 220,000 of its patients and employees that their protected health information and Social Security numbers have been compromised following a phishing attack. What's more, cyberattackers were able to swipe data unchecked for more than a year.

Officials at Beacon Health System in South Bend, Indiana, posted a breach notification May 22 on its website, detailing a phishing attack that started back in November 2013 where unauthorized individuals gained access to Beacon employees' email accounts. Hackers had full access to these files from November 2013 to January 2015.

Cyberattackers were able to swipe the personal and protected health information of both employees and patients, including patient names, ID numbers, Social Security numbers, dates of birth, medical diagnoses, treatment data, drivers' license information and other medical-related information.

Officials did not start investigating the attack until March 25, according to a company notice.

The health system is providing affected patients with a year of credit monitoring services.